trafodion-codereview mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robertamarton <...@git.apache.org>
Subject [GitHub] trafodion pull request #1520: [TRAFODION-2600] Unable to create view ... but...
Date Mon, 16 Apr 2018 22:30:45 GMT
GitHub user robertamarton opened a pull request:

    https://github.com/apache/trafodion/pull/1520

    [TRAFODION-2600] Unable to create view ... but user has SELECT privilege

    Query invalidation is not resetting the role list when a user is granted a role.
    For DML operations, we always retry the request once, and between retries, the
    role list is reset.  So DML works on a retry.
    However, DDL operations are not retried, so the role list is not reset and the
    create view fails.
    
    An analogous issue exists when the role is revoked from a user and the role
    list is not reset.  In this case, the user can still create views even though
    they no longer have the privilege.
    
    Changes:
    - Grant role: sends a new query invalidation key
    - Revoke role: forces a query invalidation check even if the key is not present
    - Displays query invalidation keys when debug option DBUSER_DEBUG is set, e.g:
       set envvar DBUSER_DEBUG 1;

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertamarton/incubator-trafodion jira-2600

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafodion/pull/1520.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1520
    
----
commit f9820b26144a45b7c7cbdedaeefc832f150f5d45
Author: Roberta Marton <roberta.marton@...>
Date:   2018-04-16T22:26:07Z

    [TRAFODION-2600] Unable to create view ... but user has SELECT privilege
    
    Query invalidation is not resetting the role list when a user is granted a role.
    For DML operations, we always retry the request once, and between retries, the
    role list is reset.  So DML works on a retry.
    However, DDL operations are not retried, so the role list is not reset and the
    create view fails.
    
    An analogous issue exists when the role is revoked from a user and the role
    list is not reset.  In this case, the user can still create views even though
    they no longer have the privilege.
    
    Changes:
    - Grant role: sends a new query invalidation key
    - Revoke role: forces a query invalidation check even if the key is not present
    - Displays query invalidation keys when debug option DBUSER_DEBUG is set, e.g:
       set envvar DBUSER_DEBUG 1;

----


---

Mime
View raw message